Virus Attacking My Dieing PC

#1 euro04, 07-11-2007, 03:25 PM

Please help me. This has been affecting my comp and family since today.

This is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:13:40 PM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ThumbDrive Guard\SmartProtectionService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\COMPUT~1\LOCALS~1\Temp\Rar$EX07.172\HijackThis.exe
C:\DOCUME~1\COMPUT~1\LOCALS~1\Temp\Rar$EX09.953\HijackThis.exe

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: IntelVideoCodec - {33A12BEB-3219-4CA8-99B4-733192704C62} - C:\WINDOWS\system32\IntelVideoDivX.dll
O2 - BHO: (no name) - {33BE7439-4331-47DE-828C-0C9ADED3A9F9} - C:\WINDOWS\system32\pmkjg.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\opnmnkl.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\tgdgdkap.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {7f71e8c7-2fa5-00ca-dab4-49f7f0ae986e} - {e689ea0f-7f94-4bad-ac00-5af27c8e17f7} - C:\WINDOWS\system32\mmsdrxpv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\tgdgdkap.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\system32\ELAN.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [f8a53b83] rundll32.exe "C:\WINDOWS\system32\kuqqrdfx.dll",b
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/.../GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1176815616421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1181043038593
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E04AA444-D9DB-411D-9639-CC1383B79EAF}: NameServer = 192.169.34.181 203.120.90.40
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: opnmnkl - opnmnkl.dll (file missing)
O20 - Winlogon Notify: tgdgdkap - C:\WINDOWS\SYSTEM32\tgdgdkap.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winetn32 - C:\WINDOWS\SYSTEM32\winetn32.dll
O20 - Winlogon Notify: winvtv32 - winvtv32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartProtection Agent Service (SmartProtection Service) - Unknown owner - C:\Program Files\ThumbDrive Guard\SmartProtectionService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
#2 Neal, 07-11-2007, 11:30 PM

Welcome,



Thanks,


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.



1. Download this file - COMBOFIX
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Post a new hijackthis log also please.
#3 euro04, 08-11-2007, 01:18 AM

Dear Neal, thanks to you my comp seems to be better. But as you requested, I post the HijackThis log, ComboFix log and VundoFix log.


VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Scan started at 7:19:05 AM 11/8/2007

Listing files found while scanning....

C:\WINDOWS\system32\tgdgdkap.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tgdgdkap.dll

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:38 AM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ThumbDrive Guard\SmartProtectionService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\HP\KBD\KBD.EXE
C:\Documents and Settings\ComputerFixer\Desktop\HiJackThis.exe

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: {63643ea3-cf99-8dda-6ae4-21494cab7cd7} - {7dc7bac4-9412-4ea6-add8-99fc3ae34636} - C:\WINDOWS\system32\mcjibeeq.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\system32\ELAN.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [f8a53b83] rundll32.exe "C:\WINDOWS\system32\vgxwcsim.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/.../GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1176815616421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1181043038593
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: opnmnkl - opnmnkl.dll (file missing)
O20 - Winlogon Notify: winvtv32 - winvtv32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartProtection Agent Service (SmartProtection Service) - Unknown owner - C:\Program Files\ThumbDrive Guard\SmartProtectionService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 15756 bytes

C:\WINDOWS\system32\tgdgdkap.dll Has been deleted!

Performing Repairs to the registry.
Done!

ComboFix 07-11-08.1 - NoToVirus 2007-11-08 7:44:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.936.86.1033.18.559 [GMT 8:00]
Running from: C:\Documents and Settings\ComputerFixer\Desktop\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NPF
-------\DomainService
-------\nm


((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-08 07:42 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-08 07:19 <DIR> d-------- C:\VundoFix Backups
2007-11-08 05:27 86,080 --a------ C:\WINDOWS\system32\vgxwcsim.dll
2007-11-08 05:27 79,936 --a------ C:\WINDOWS\system32\mcjibeeq.dll
2007-11-08 05:26 71,232 --a------ C:\WINDOWS\system32\molyallc.exe
2007-11-07 22:29 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-07 22:29 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-07 22:29 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-07 22:29 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-07 22:29 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-07 22:29 5,060 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-07 22:19 79,936 --a------ C:\WINDOWS\system32\tonyckli.dll
2007-11-07 22:16 <DIR> d-------- C:\Documents and Settings\ComputerFixer\Application Data\Netscape
2007-11-07 21:28 <DIR> d-------- C:\Documents and Settings\ComputerFixer\Application Data\Grisoft
2007-11-07 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-07 21:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-07 20:04 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-07 20:04 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-07 20:01 <DIR> d-------- C:\Program Files\Symantec
2007-11-07 20:00 <DIR> d-------- C:\Norton360
2007-11-07 19:59 <DIR> d-------- C:\Program Files\New Folder (2)
2007-11-07 19:59 <DIR> d-------- C:\Program Files\New Folder
2007-11-07 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-07 11:15 87,104 --a------ C:\WINDOWS\system32\kuqqrdfx.dll
2007-11-07 11:15 81,472 --a------ C:\WINDOWS\system32\mmsdrxpv.dll
2007-11-07 11:14 145,984 --a------ C:\WINDOWS\system32\jlhnpylj.dll
2007-11-06 08:49 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-06 08:49 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-05 10:23 <DIR> d-------- C:\Program Files\BoltSoft
2007-11-02 22:36 9,892,226 --a------ C:\Download Accelerator Plus 8.5 Premium + Crack.ZIP
2007-11-02 15:01 <DIR> d-------- C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\Gaijin Ent
2007-11-01 17:30 <DIR> d-------- C:\My Downloads
2007-11-01 17:30 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\BearShare
2007-11-01 16:22 <DIR> d-------- C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\Apple Computer
2007-11-01 16:21 <DIR> d-------- C:\Program Files\iTunes
2007-11-01 16:21 <DIR> d-------- C:\Program Files\iPod
2007-11-01 16:19 <DIR> d-------- C:\Program Files\QuickTime
2007-11-01 16:19 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-01 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-01 16:18 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-01 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-01 15:57 <DIR> d-------- C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\Bearshare Premium P2P
2007-11-01 13:30 <DIR> d--h----- C:\Documents and Settings\ComputerFixer\Application Data\ijjigame
2007-10-30 17:12 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-10-30 16:23 <DIR> d-------- C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\Xfire
2007-10-29 22:07 138,413 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\bnzvcsx.exe
2007-10-29 21:14 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-29 11:45 <DIR> d-------- C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\PE Explorer
2007-10-28 21:28 <DIR> d-------- C:\Program Files\UZC Trial
2007-10-28 10:15 53,760 --a------ C:\WINDOWS\vfwwdm32.dll
2007-10-28 10:14 <DIR> d-------- C:\Program Files\Qmax Webcam
2007-10-28 10:14 241,628 --a------ C:\WINDOWS\system32\drivers\TD0608.SYS
2007-10-28 10:14 65,536 --a------ C:\WINDOWS\system32\CamLib10.Dll
2007-10-27 22:04 138,413 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\mmxpvrl.exe
2007-10-27 21:30 <DIR> d-------- C:\Program Files\CursorXP
2007-10-27 18:11 <DIR> d-------- C:\Documents and Settings\ComputerFixer\Application Data\TuneUp Software
2007-10-27 18:10 <DIR> d-------- C:\Documents and Settings\ComputerFixer\Application Data\Yahoo!
2007-10-27 18:10 <DIR> d-------- C:\Documents and Settings\ComputerFixer\Application Data\IE7Pro
2007-10-27 18:05 <DIR> d-------- C:\Documents and Settings\ComputerFixer\Application Data\Symantec
2007-10-27 17:39 <DIR> d-------- C:\Documents and Settings\ComputerFixer\Application Data\PC Suite
2007-10-27 17:39 <DIR> d-------- C:\Documents and Settings\ComputerFixer\Application Data\Locktime
2007-10-27 17:38 <DIR> d-------- C:\Documents and Settings\ComputerFixer\WINDOWS
2007-10-26 23:27 281,600 --a------ C:\WINDOWS\hstsys.dll
2007-10-26 23:13 138,413 --a------ C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\sgllklt.exe
2007-10-26 22:58 138,413 --a------ C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\flpxgpq.exe
2007-10-25 20:54 138,413 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\lojjdux.exe
2007-10-25 17:41 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-10-22 07:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2007-10-19 17:07 <DIR> d-------- C:\Program Files\Sallys Salon
2007-10-15 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Shockwave
2007-10-14 13:22 <DIR> d-------- C:\Program Files\Safer Networking
2007-10-12 22:42 582,656 --a------ C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-12 17:30 <DIR> d-------- C:\AMESrc
2007-10-10 21:20 <DIR> d-------- C:\Program Files\ADSL
2007-10-10 21:18 6,032 --a------ C:\WINDOWS\system32\adinst32.dll
2007-10-09 12:41 13,567 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007-10-09 12:40 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
2007-10-09 12:39 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2007-10-09 12:39 155,648 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2007-10-09 12:38 81,924 --a------ C:\WINDOWS\system32\drivers\VC4CB104.SYS
2007-10-09 12:38 69,632 --a------ C:\WINDOWS\system32\FREGSHEX.DLL
2007-10-09 12:38 65,536 --a------ C:\WINDOWS\system32\FINFCHECK.dll
2007-10-09 12:38 45,056 --a------ C:\WINDOWS\system32\FINFCOPY.dll
2007-10-09 12:38 45,056 --a------ C:\WINDOWS\system32\FCLKBTN.DLL
2007-10-08 15:22 <DIR> d-------- C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\Netscape
2007-10-08 13:24 24,576 --a------ C:\WINDOWS\system32\RunSetup.exe
2007-10-08 11:58 <DIR> d-------- C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\LGSync
2007-10-08 11:51 <DIR> d-------- C:\Program Files\LG Electronics
2007-10-08 11:50 929,844 --a------ C:\WINDOWS\system32\MFC42D.DLL
2007-10-08 11:50 798,773 --a------ C:\WINDOWS\system32\MFCO42D.DLL
2007-10-08 11:50 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2007-10-08 11:50 291,840 --a------ C:\WINDOWS\system32\msvcirtd.dll
2007-10-08 11:50 36,864 --a------ C:\WINDOWS\system32\CSDLGE1LIB.dll
2007-10-08 11:49 <DIR> d-------- C:\Program Files\LGE GSM PC Sync

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 23:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-07 23:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-07 12:50 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-07 12:50 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-07 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-07 11:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 11:43 --------- d-----w C:\Program Files\Little Fighter 2.5 - v2.0
2007-11-06 07:24 --------- d-s---w C:\Program Files\Xfire
2007-11-05 02:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-03 02:59 --------- d-----w C:\Program Files\DAP
2007-11-02 08:07 --------- d-----w C:\Program Files\Shockwave.com
2007-11-01 12:06 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Xfire
2007-10-28 03:10 --------- d-----w C:\Program Files\MSN Messenger
2007-10-28 03:10 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-10-27 13:20 --------- d-----w C:\Program Files\Common Files\Stardock
2007-10-27 13:00 --------- d-----w C:\Program Files\Stardock
2007-10-27 10:12 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-10-27 09:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-27 09:43 --------- d-----w C:\Program Files\RegistryFix
2007-10-27 08:59 --------- d-----w C:\Program Files\DriftCity
2007-10-26 10:45 --------- d--h--w C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\ijjigame
2007-10-24 12:31 --------- d-----w C:\Program Files\Google
2007-10-21 23:28 --------- d--h--w C:\Documents and Settings\Compaq_Owner\Application Data\ijjigame
2007-10-21 05:10 --------- d-----w C:\Program Files\BitComet
2007-10-21 05:10 --------- d-----w C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\LimeWire
2007-10-19 05:17 --------- d-----w C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\Image Zone Express
2007-10-14 06:58 --------- d-----w C:\Program Files\Blaze Media Pro
2007-10-14 06:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-14 05:17 --------- d-----w C:\Program Files\MessengerDiscovery
2007-10-13 10:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-12 15:01 --------- d-----w C:\Program Files\Oberon Media
2007-10-12 14:47 --------- d-----w C:\Program Files\Common Files\Oberon Media
2007-10-09 05:01 --------- d-----w C:\Program Files\FinePixViewer
2007-10-09 04:59 --------- d-----w C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\FUJIFILM
2007-10-09 04:41 --------- d-----w C:\Program Files\PIXELA
2007-10-07 06:41 4,518 ----a-w C:\WINDOWS\system32\drivers\U3SHLPDR200.SYS
2007-10-06 00:01 --------- d-----w C:\Program Files\WIZET
2007-10-05 12:52 --------- d-----w C:\Program Files\Dream Match Tennis
2007-10-05 12:51 --------- d-----w C:\Program Files\Creative
2007-10-05 12:51 --------- d-----w C:\Program Files\Common Files\Mindmaker
2007-10-05 05:55 --------- d-----w C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\MEGAUPLOADTOOLBAR
2007-10-01 12:29 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\PC Suite
2007-10-01 06:08 --------- d-----w C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\Nokia
2007-10-01 05:53 --------- d-----w C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\Nokia Multimedia Player
2007-10-01 05:44 --------- d-----w C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\DataLayer
2007-10-01 05:39 --------- d-----w C:\Program Files\Nokia
2007-10-01 05:39 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-10-01 05:39 --------- d-----w C:\Program Files\Common Files\Nokia
2007-10-01 05:39 --------- d-----w C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\PC Suite
2007-10-01 05:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-10-01 05:36 --------- d-----w C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\AdobeAUM
2007-09-30 00:37 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2007-09-29 03:42 --------- d-----w C:\Program Files\Maxthon2
2007-09-29 03:35 --------- d-----w C:\Program Files\Opera 9.5 alpha
2007-09-26 16:32 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\IE7pro
2007-09-26 12:38 --------- d-----w C:\Program Files\ElcomSoft
2007-09-23 12:32 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Netscape
2007-09-23 12:31 --------- d-----w C:\Program Files\Netscape
2007-09-21 12:08 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\PE Explorer
2007-09-21 11:03 --------- d-----w C:\Program Files\Nsauditor
2007-09-20 10:58 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2007-09-20 10:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-09-19 02:14 16,844,800 ----a-w C:\WINDOWS\RTHDCPL.EXE
2007-09-19 01:16 4,617,728 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-09-18 06:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 06:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 06:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 06:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 06:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 06:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 06:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 06:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 06:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-17 09:02 --------- d-----w C:\Program Files\World of Warcraft
2007-09-13 12:42 --------- d-----w C:\Program Files\NHN USA
2007-09-08 13:53 --------- d-----w C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\NHN Corporation
2007-05-18 13:10 8 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\usb.dat.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7dc7bac4-9412-4ea6-add8-99fc3ae34636}]
2007-11-08 05:27 79936 --a------ C:\WINDOWS\system32\mcjibeeq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D21EF863-1ED1-41DA-804F-3E41933CFABC}]
C:\WINDOWS\system32\pmkjg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 12:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 12:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 12:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 12:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-28 01:59]
"nwiz"="nwiz.exe" [2007-08-28 01:59 C:\WINDOWS\system32\nwiz.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 20:14]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 20:34]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 12:00 C:\WINDOWS\system32\bthprops.cpl]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 21:50]
"ISUSScheduler"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 21:50]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"PCDrSmartMonitor"="C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [2006-02-02 15:54]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-10 14:11]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-11-03 10:58]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2005-12-13 08:49]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" []
"RemoveElanIcon"="C:\WINDOWS\system32\ELAN.exe" [2002-03-05 17:41]
"AME_CSA"="amecsa.cpl" [2002-03-13 17:58 C:\WINDOWS\system32\AmeCSA.cpl]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-10-30 14:47]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 07:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 10:14 C:\WINDOWS\RTHDCPL.EXE]
"f8a53b83"="C:\WINDOWS\system32\vgxwcsim.dll" [2007-11-08 05:27]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 12:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 07:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 11:45]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Magic Clock.lnk - C:\Program Files\Stardock\DesktopGadgets\Magic Clock\Magic Clock.exe [2007-10-27 21:00:13]
Magic Weather.lnk - C:\Program Files\Stardock\DesktopGadgets\Magic Weather\Magic Weather.exe [2007-10-27 21:00:14]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-10-25 06:13:12]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-02-28 10:20:45]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-06-17 12:49:25]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2007-03-06 15:11:53]
hp psc 1000 series.lnk - C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe [2003-04-09 1838]
hpoddt01.exe.lnk - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmnkl]
opnmnkl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-06-28 18:29 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winetn32]
winetn32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winvtv32]
winvtv32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjg.dll

R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
R2 CTDevice_Srv;CT Device Query service;C:\Program Files\Creative\Shared Files\CTDevSrv.exe
R2 SmartProtection Service;SmartProtection Agent Service;C:\Program Files\ThumbDrive Guard\SmartProtectionService.exe
R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys
R2 U3SHLPDR200;U3SHLPDR200;\??\C:\WINDOWS\System32\Drivers\U3SHLPDR200.SYS
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys
R3 AtmElan;ATM Emulated LAN;C:\WINDOWS\system32\DRIVERS\atmlane.sys
R3 DCamUSBTP10;Qmax Webcam;C:\WINDOWS\system32\Drivers\TD0608.sys
R3 PCD5SRVC{8A863ACB-F5F6CC6A-05010003};PCD5SRVC{8A863ACB-F5F6CC6A-05010003} - PCDR Kernel Mode Service Helper Driver;\??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms
S3 AtmLane;ATM LAN Emulation;C:\WINDOWS\system32\DRIVERS\atmlane.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys
S3 dump_wmimmc;dump_wmimmc;\??\C:\Program Files\WIZET\MapleStory\GameGuard\dump_wmimmc.sys
S3 geebers12;geebers12;\??\C:\Documents and Settings\Compaq_Owner\Desktop\Everything\CheatTables\MapleSea Engine\BuffyV2\nvid888.sys
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\C:\Documents and Settings\Compaq_Owner\My Documents\My Received Files\IlvMoney1059a.sys
S3 PageFau1t;PageFau1t;\??\C:\Documents and Settings\Serangoon.OURCOMPUTER\Desktop\skyz\PageFau1t.sys
S3 sys_com001;sys_com001;\??\C:\Documents and Settings\Compaq_Owner\Desktop\SysComEngine_1059\syscom.sys
S3 USBFVNETR;EZ Connect 11 Mbps Wireless USB Adapter;C:\WINDOWS\system32\DRIVERS\vnetusbr.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 09:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
"2007-11-01 08:19:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-07 04:08:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1174792477.job"
"2007-11-07 01:35:01 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1177253528.job"
- c:\Program Files\HP\Digital Imaging\bin\hpqfrucl.exe
"2007-08-10 04:57:47 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1177822586.job"
- C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe
"2007-11-07 02:24:00 C:\WINDOWS\Tasks\FRU Task $ContextID$.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 08:03:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\miscwxgv.tmp 570170 bytes
**************************************************************************
.
Completion time: 2007-11-08 8:08:01 - machine was rebooted
.
--- E O F ---

Thanks! NEAL
  #4 (permalink)  
Old 08-11-2007, 10:22 PM
Neal's Avatar
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Re: Virus Attacking My Dieing PC

You really should uninstall the following from Add/Remove Programs, rebooting afterwards:

BearShare
UZC Trial




Click start/run and type regedit into the run box and press the enter key. When the window appears maximise it. Click file/export and save a copy of your registry to your desktop.
Close out of that and now you should have a backup copy of your registry which looks like



Please go to hijackthis.exe and right click on it and then click on rename and rename it to foolyou.exe, press enter
and post a new log from the newly renamed hijackthis.exe. Sometimes malware hides from hijackthis.exe.



Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\vgxwcsim.dll
    C:\WINDOWS\system32\mcjibeeq.dll
    C:\WINDOWS\system32\molyallc.exe
    C:\WINDOWS\system32\kuqqrdfx.dll
    C:\WINDOWS\system32\mmsdrxpv.dll
    C:\WINDOWS\system32\jlhnpylj.dll
    C:\Documents and Settings\Compaq_Owner\Application Data\bnzvcsx.exe
    C:\Documents and Settings\Compaq_Owner\Application Data\mmxpvrl.exe
    C:\WINDOWS\hstsys.dll
    C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\sgllklt.exe
    C:\Documents and Settings\Serangoon.OURCOMPUTER\Application Data\flpxgpq.exe
    C:\Documents and Settings\Compaq_Owner\Application Data\lojjdux.exe
    C:\VundoFix Backups
    C:\Download Accelerator Plus 8.5 Premium + Crack.ZIP


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Open Notepad and copy/paste the text in the quotebox below into it (not the word "Quote"):

Quote:
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7dc7bac4-9412-4ea6-add8-99fc3ae34636}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D21EF863-1ED1-41DA-804F-3E41933CFABC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f8a53b83"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmnkl]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winetn32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winvtv32]

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.






This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.


And...



Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

* Double-click the drweb-cureit.exe file and allow it to run the express scan
* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, look if you can click next icon next to the files found:

* If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:


This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
* Save the report to your desktop. The report will be called DrWeb.csv
* Close Dr.Web Cureit.
* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. You can use Notepad to open the DrWeb.csv report.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|




ASAP: promoting a high standard and quality of security support no matter where you seek help.


Last edited by Neal; 08-11-2007 at 10:25 PM.
  #5 (permalink)  
Old 09-11-2007, 02:26 AM
euro04's Avatar
Newbie
D-A-L Newbie
 
Join Date: Apr 2007
Posts: 10
euro04 Is a beginner here at D-A-L
Re: Virus Attacking My Dieing PC

Thanks Neal, I have followed your instructions and posted the HijackThis log and Dr.Web virus log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:58 AM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ThumbDrive Guard\SmartProtectionService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ComputerFixer\Desktop\foolyou.exe.exe

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINDOWS\system32\ELAN.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/.../GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1176815616421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1181043038593
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E04AA444-D9DB-411D-9639-CC1383B79EAF}: NameServer = 192.169.34.181 203.120.90.40
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: opnmnkl - opnmnkl.dll (file missing)
O20 - Winlogon Notify: winvtv32 - winvtv32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartProtection Agent Service (SmartProtection Service) - Unknown owner - C:\Program Files\ThumbDrive Guard\SmartProtectionService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 15839 bytes

Dr Web Log

td2smg3_dll.dll;c:\program files\thumbdrive guard;Probably MULDROP.Trojan;;
  #6 (permalink)  
Old 09-11-2007, 10:15 PM
Neal's Avatar
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Re: Virus Attacking My Dieing PC

I need the ComboFix log; it should have automatically produced one for you. Thanks.

OTMoveIt should have produced a log also.


Run hijackthis and click on "scan system only" button and put checks next to these:


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O20 - Winlogon Notify: opnmnkl - opnmnkl.dll (file missing)
O20 - Winlogon Notify: winvtv32 - winvtv32.dll (file missing)



Close everything but HijackThis and click on "fix checked".


Reboot your PC


How are things now?
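A triage check for the fix list above, as an added example that is not part of the original thread: it parses HijackThis entries, lists those marked `(no file)` or `(file missing)`, and reports which Winlogon Notify keys a CFScript asks to delete are still registered in a later log. The function names are hypothetical; the sample lines are copied from the log and CFScript posted in this thread.

```python
import re

# Sample input: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O20 - Winlogon Notify: opnmnkl - opnmnkl.dll (file missing)
O20 - Winlogon Notify: winvtv32 - winvtv32.dll (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Sample input: the Winlogon Notify deletions from the CFScript in this thread.
SAMPLE_CFSCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmnkl]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winetn32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winvtv32]
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
NOTIFY_RE = re.compile(
    r"^Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)(?: \(file missing\))?$")
DELETE_KEY_RE = re.compile(r"^\[-(?P<key>HKEY_[^\]]+)\]$")


def parse_entries(log_text):
    """Return one dict per 'Xnn - ...' line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            body = m["body"]
            entries.append({"code": m["code"], "body": body,
                            "orphan": bool(ORPHAN_RE.search(body))})
    return entries


def orphaned(entries):
    """Entries whose registry data points at a file that no longer exists."""
    return [e for e in entries if e["orphan"]]


def notify_names(entries):
    """Lower-cased subkey names of all O20 Winlogon Notify entries."""
    names = set()
    for e in entries:
        if e["code"] == "O20":
            m = NOTIFY_RE.match(e["body"])
            if m:
                names.add(m["name"].lower())
    return names


def cfscript_notify_deletions(script_text):
    """Subkey names under ...\\winlogon\\notify\\ that the script deletes ([-KEY])."""
    marker = "\\winlogon\\notify\\"
    names = set()
    for raw in script_text.splitlines():
        m = DELETE_KEY_RE.match(raw.strip())
        if m and marker in m["key"].lower():
            names.add(m["key"].lower().rsplit("\\", 1)[1])
    return names


def still_registered(log_text, script_text):
    """Notify keys the script should have removed but a later log still lists."""
    wanted_gone = cfscript_notify_deletions(script_text)
    return sorted(wanted_gone & notify_names(parse_entries(log_text)))


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print("orphaned:", e["code"], e["body"])
    print("still registered:", still_registered(SAMPLE_LOG, SAMPLE_CFSCRIPT))
```

A non-empty `still_registered` result means the registry cleanup has not taken effect yet, which matches the request above for the missing ComboFix log.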
All times are GMT +1. The time now is 01:21 AM.